Axonius - Deploy Files and Run Shell Command on Windows Assets
- Updated on 22 Sep 2024
Axonius - Deploy Files and Run Shell Command on Windows Assets deploys an optional list of selected files and runs a command line on each of the Windows devices returned by the query.
- Not all asset categories are supported for all Enforcement Actions.
- See Actions supported for Activity Logs, Adapters Fetch History, and Asset Investigation modules.
- See Actions supported for Vulnerabilities.
- See Actions supported for Software.
General Settings
- Action name - The name of this Enforcement Action. The system sets a default name. You can change the name.
- Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.
- Use stored credentials from the Active Directory adapter - Select this option to use the first connected Microsoft Active Directory (AD) adapter credentials.
Required Fields
These fields are required to run the Enforcement Action.
Even if you just want to deploy a file, you need to fill in the Command and Command name fields.
Command - Specify the command you want to run on the Windows device. Add a condition to the command to print the result into the Command name field. For example, "wmic computersystem get name" OR just "echo".
Command name - Specify the field name to be added to the device. If you set the Command field, then you must add a value to this field. This new field will be populated if a condition has been added in the Command field.
Compute Node - The Axonius node to use when connecting to the specified host. For more details, see Connecting Additional Axonius Nodes.
Additional Fields
These fields are optional.
Connection and Credentials
When Use stored credentials from the adapter is toggled off, some fields are required to create the connection, while other fields are optional.
- User name and Password - Provide the user name and password used to connect to the Windows device and execute the command.
DNS Servers - Specify a comma-separated list of DNS servers to be used to resolve the hostnames in the saved query supplied as a trigger (or devices that have been selected in the asset table).
- If supplied, Axonius will use the specified DNS servers to resolve the devices' hostnames. For each asset, the first response received is the one used.
- If not supplied or if no response has been received from any of the specified DNS servers, the default DNS server will be used.
Use NBNS - Use the NetBIOS Name Service protocol.
Max timeout for the created process - Set the maximum time (in seconds) for the created shell process to run before it is terminated.
Reset timer for each request in seconds - Set the maximum time for each WQL query to return a response.
Files to deploy - To deploy files on the device, use the following controls to upload one or more files:
- 'Choose file' - to choose a file to be uploaded.
- '+' - to upload an additional file.
- 'x' - to remove the uploaded file.
NOTE: The uploaded files are deployed to the c:\windows\axonius folder. When uploaded, if a file with the same name already exists, it is overwritten by the newly uploaded file. Uploaded files are not automatically deleted.
Path to Remote Files - Enter the path to the remote files to deploy. Remote services can be: FTP, SFTP, SMB or URL.
Suppress NetBIOS name lookup - Do not use the NetBIOS name lookup.
Additional HTTP headers - Enter any additional HTTP headers.
HTTP proxy - Connect the adapter to a proxy instead of directly connecting it to the domain.
- HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.
Replace command variables with Axonius fields - You can use Axonius fields as values in command parameters in place of variables. For example, by creating a mapped field named "MY_FIELD", you can insert it into the command by adding the string "{AXONIUS_ATTRIBUTE:MY_FIELD}", using the keyword AXONIUS_ATTRIBUTE, where you want this value to be inserted. Each field must be enclosed in curly brackets to mark the beginning and end of the field name.
For example, the field TOKEN is used in the following command:
CsUninstallTool.exe MAINTENANCE_TOKEN={AXONIUS_ATTRIBUTE:TOKEN} /quiet
See Axonius to External Field Mapping for more information.
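A pre-flight check for the placeholder syntax above, as an added example that is not Axonius code: it takes the command template and one asset's mapped fields, and reports placeholders that have no value or whose value falls outside a conservative allow-list, so the rendered command line can be reviewed before the action is saved. The function name preview_command, the allow-list and the sample asset records are assumptions; how Axonius itself performs the substitution is not described on this page.

```python
import re

# Placeholder syntax as documented on this page: {AXONIUS_ATTRIBUTE:FIELD_NAME}
PLACEHOLDER = re.compile(r"\{AXONIUS_ATTRIBUTE:([^{}]+)\}")
# Assumption: mapped values should be plain tokens (letters, digits, . _ -).
# Spaces, quotes and similar characters would change how the command line
# is split into arguments on the target device.
SAFE_VALUE = re.compile(r"[A-Za-z0-9._-]+")


def preview_command(template, asset_fields):
    """Return (rendered_command, problems) for one asset.

    rendered_command is None when any placeholder cannot be filled cleanly.
    """
    problems = []
    # dict.fromkeys keeps first-seen order and drops repeated field names
    for name in dict.fromkeys(PLACEHOLDER.findall(template)):
        value = asset_fields.get(name)
        if value is None or value == "":
            problems.append(f"{name}: no mapped value on this asset")
        elif not SAFE_VALUE.fullmatch(str(value)):
            problems.append(f"{name}: value contains characters outside [A-Za-z0-9._-]")
    # The keyword surviving outside a well-formed placeholder means a bracket typo
    if "AXONIUS_ATTRIBUTE" in PLACEHOLDER.sub("", template):
        problems.append("template: malformed placeholder (check the curly brackets)")
    if problems:
        return None, problems
    rendered = PLACEHOLDER.sub(lambda m: str(asset_fields[m.group(1)]), template)
    return rendered, problems


if __name__ == "__main__":
    # Command taken from this page; the asset records are constructed sample data.
    template = "CsUninstallTool.exe MAINTENANCE_TOKEN={AXONIUS_ATTRIBUTE:TOKEN} /quiet"
    assets = {
        "host-a": {"TOKEN": "abc123-DEF456"},  # clean value
        "host-b": {},                          # field not mapped
        "host-c": {"TOKEN": "abc 123"},        # space would split the argument
    }
    for host, fields in assets.items():
        print(host, preview_command(template, fields))
```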
- Files Directory - Specify the directory to which the files uploaded by the Enforcement Action will be deployed.
- Gateway Name - Select the Gateway through which to connect to perform the action.
Required Ports
The following ports should be opened:
- 135 RPC
- 445 SMB
- Random port in the range: 1024-65535
For more details about other Enforcement Actions available, see Action Library.